How to beat MPack

MPack is one of the most popular for-sale hacking utilities on the market (see more information here and here). In an effort to assist IT managers with the challenges of defending against the capabilities placed in the hands of MPack owners, Andrew Martin has written a paper on exploit prevention and response. The following is the abstract:

This research paper is divided into two basic sections. Section 1 describes the MPack exploitation kit which has made a big splash in the security world recently. This involves an analysis of how MPack works including how it infects a user's PC, the look and feel of its payload and the evasion techniques it uses to hide its presence from Intrusion Detection Systems. Following this, the author sets out how to respond to a sample MPack attack by using the incident response process. This covers how to identify, counter, and eliminate the threat using a variety of approaches & techniques. The analysis is performed without access to the MPack source code to reflect real world circumstances.

The second section steps back from the specific technical aspects of MPack to set out a basic primer for IT staff to handle an MPack attack. By extension, techniques discussed here may be used to investigate other similar attacks. The analysis is structured using the SANS PICERL methodology and covers: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.

We conclude with lessons learned and provide a "To do list" for organizations to detect and counter such threats.

Disclaimer: Blog contents express the viewpoints of their independent authors and are not reviewed for correctness or accuracy by Toolbox for IT. Any opinions, comments, solutions or other commentary expressed by blog authors are not endorsed or recommended by Toolbox for IT or any vendor. If you feel a blog entry is inappropriate, notify Toolbox for IT.